Voice-based services are becoming popular in the industry. Typically, these services are available as an application on a consumer operated device, such as the popular Apple® Siri® service. In some cases, the voice-based services are provided on their own independent devices, such as Amazon® Echo®. These voice-based service may have plugin modules providing the user the ability to access other user services or some of the user's messaging services (e.g., Twitter®, Facebook®, Instagram®, etc.).
Any real security on these messaging-based platforms and voice-based services is lacking. Frequently, these platforms are hacked and the news reports that user's accounts have been compromised. With the ability to integrate other user-based services through a mobile-application or browser-based interface to these voice-based services, even more security holes are readily apparent.
For example, a user may use the voice-service as a front end for accessing another sensitive service of the user, such as the user's bank services. The voice-service simply translates the user's voice to text and performs operations through the back-service's user-facing web interface. The user may speak sensitive information, such as a Personal Identification Number (PIN) or a password associated with the user's bank account for purposes of having the voice-service perform some bank operation as the user with the banking service. Anyone within earshot of the user could hear this and subsequently perform the same operations on the user's voice-service or a different voice-service not even associated with the user.
Moreover, these user-based services often store a history of interactions with the user. These histories are often stored in a cloud (server) environment. Access to these cloud storage locations are not very secure and can be easily compromised. So, spoken security information from a user can be obtained with little effort by a hacker of only modest skill.
Essentially, the rate of user acceptance for voice-based services and the expansion of integrated non-voice based services have not kept up with the necessary security. This is especially true where sensitive, private, or confidential information is spoken by the user.